>>It will also increasingly pull its advanced functions from the cloud until, at some future date, it simply becomes your public interface to a new wealth of low latency, high performance, and cloud capabilities tied to the thinnest of connected hardware devices.<<

> This security focus is to assure entire classes of malware won't execute on the system.

DRM. It is always about DRM. The security threat from unsigned operating systems is extremely low. They tried to force it since a decade. They will destroy their own platform in my opinion. They will get some users, but not the innovative ones that are needed to build upon their platform. The will repeat their mistakes again.

This focus on safety is complete FUD and Windows 11 probably doesn't offer anything to users in reality.

That sentence is factually untrue. TPM does not prevent ransomware, despite what some people claim on Twitter. In fact, Bitlocker makes ransomware's job easier as now the whole disk is already encrypted and all you need (as a ransomware writer) to do is make encryption keys unusable (rotate keys through existing APIs, encrypt them on the disk or backup to c2 & overwrite).

Malware can still destroy or tamper with UEFI partition, Windows simply won't boot afterwards. Btw, tampering with Windows boot process is still possible - mainly due to many signed bootloaders (including some from previous Windows versions) which could be used to chainload something like minimal Linux initramfs containing KVM setup to run Windows with PCI passthrough (providing rw access to whole memory).